And repeat after me, “Blue team tools are red team tools are blue team tools are...”
Expose the physical memory of the target over a TCP port, then connect to the TCP port and mount the physical memory as a file so you can analyze the mounted memory and create a minidump of LSASS for Mimikatz to retrieve credentials. labs.f-secure.com/blog/rethi… @TimoHirvonen @b3arr0

Feb 17, 2020 · 3:48 PM UTC
